https://community.checkpoint.com/t5/Firewall-and-Security-Management/Passing-traffic-through-6200P-via-bonded-and-bridged-interfaces/m-p/147219#M23486 <P>We are attempting to deploy a 6200 between Cisco switch stacks via bridged interfaces.&nbsp; Topology is such that Stack 1 connects to Stack 2 and Stack 3 via separate 2 port Etherchannels).&nbsp; We have configured the Checkpoint with 2 Bridge interfaces (comprised of 2 bonds each).</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2022-04-27_11-50-16.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16210i6694150EC8929EF0/image-size/large?v=v2&amp;px=999" role="button" title="2022-04-27_11-50-16.jpg" alt="2022-04-27_11-50-16.jpg" /></span></P><P>In limited testing, this deployment appears to be working okay.&nbsp; However, when attempting to move to production, certain traffic doesn't pass, even with an Any Any allow rule.&nbsp; &nbsp;There are a lot of "Data received before SYN was acknowledged" entries in the logs.&nbsp; Any thoughts as to if this is somehow config related to the bridge or bond setups?&nbsp; There doesn't seem to be much in the way of options when configuring them.</P><P>Thanks for any assistance,</P><P>Jerry</P><P>&nbsp;</P> Wed, 27 Apr 2022 16:03:09 GMT jacowser 2022-04-27T16:03:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Passing-traffic-through-6200P-via-bonded-and-bridged-interfaces/m-p/147219#M23486 <P>We are attempting to deploy a 6200 between Cisco switch stacks via bridged interfaces.&nbsp; Topology is such that Stack 1 connects to Stack 2 and Stack 3 via separate 2 port Etherchannels).&nbsp; We have configured the Checkpoint with 2 Bridge interfaces (comprised of 2 bonds each).</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2022-04-27_11-50-16.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16210i6694150EC8929EF0/image-size/large?v=v2&amp;px=999" role="button" title="2022-04-27_11-50-16.jpg" alt="2022-04-27_11-50-16.jpg" /></span></P><P>In limited testing, this deployment appears to be working okay.&nbsp; However, when attempting to move to production, certain traffic doesn't pass, even with an Any Any allow rule.&nbsp; &nbsp;There are a lot of "Data received before SYN was acknowledged" entries in the logs.&nbsp; Any thoughts as to if this is somehow config related to the bridge or bond setups?&nbsp; There doesn't seem to be much in the way of options when configuring them.</P><P>Thanks for any assistance,</P><P>Jerry</P><P>&nbsp;</P> Wed, 27 Apr 2022 16:03:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Passing-traffic-through-6200P-via-bonded-and-bridged-interfaces/m-p/147219#M23486 jacowser 2022-04-27T16:03:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Passing-traffic-through-6200P-via-bonded-and-bridged-interfaces/m-p/147297#M23507 <P>Those messages often related to a specific protection: "<SPAN>TCP SYN Modified Retransmission"&nbsp;</SPAN></P> <P><SPAN>It's necessary to understand the specific traffic flow that is triggering this to determine if their is a networking problem or other cause that can be otherwise handled.</SPAN></P> <P>Refer also:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk63160" target="_self">sk63160: Aggregated TCP logs (Potential Network Configuration Problem)</A>&nbsp;</P> Thu, 28 Apr 2022 07:31:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Passing-traffic-through-6200P-via-bonded-and-bridged-interfaces/m-p/147297#M23507 Chris_Atkinson 2022-04-28T07:31:32Z